11-11-2020 09:28 AM
I have a hub and spoke network with 7750 at the center and about 20 or so 7250/7150 switches (some in 2-3 switch stacks). There is a network outside of my control but utilizing my 7250/7150 switches for interconnect. I have 802.1w enabled for this VLAN as well as loop-detection (under the VLAN). What I've noticed is when that network gets a MAC loop, instead of my edge port disabling, the uplink to the core goes down. Sometimes switches across the network will also go down. It's currently causing chaos in my network when this happens.
I have spanning-tree 802-1w admin-edge-port enabled on all edge ports and spanning-tree 802-1w admin-pt2pt-mac enabled on all uplinks. I have had support go over my config twice now and they have told me the configuration is correct, but they haven't been able to explain this behavior to me.
What am I missing?
11-11-2020 09:41 AM
Hey Christian,
We have a feature to make sure uplinks are not disabled. Please see here:
Loop detection should still work properly; we just won't disable the specified port.
11-12-2020 07:23 AM
Have you set the priority of your switches as to which one is root and so on down the line? If you have single links between your switches or LAGs and are in 100% control of the switches and the potential of a loop between stacks within a building or between buildings, I would suggest BPDU-Filtering. This will limit the STP domain size to a single stack or stacks or a single building and also not allow the uplink ports between switch stacks or buildings to go down. I do this on all of our larger campus networks to help prevent exactly what you are experiencing.
11-16-2020 11:48 AM
I was under the assumption that having spanning-tree 802-1w admin-edge-port on edge ports dropped BPDUs? I ended up enabling loop-detection shutdown-disabled on all my uplinks. The network is stable once again and errdisabled ports are now correctly only the edge port.
11-16-2020 12:42 PM
To turn off STP on a port you would turn on STP-protect, as it will drop BPDUs coming in on a port but not going out. You do a no spanning-tree to turn off STP protection per port.
Loop-protect works with ports that have devices that are not running STP. It sends out a loop discovery packet and if it sees that packet come back it knows there is a loop and will disable the port as the packet should not come back into the port it went out. You should not have loop protect on the ports that connect switches together.
11-14-2020 10:59 PM
If the loop is on the uplink side with multiple redundant links, please try configuring a LAG to act as a bundle; however, from an STP perspective, make sure the ports and switches are fully converged to have a common root bridge to block all redundant links in your network.
Thanks
Jijo